Effective Date: August 29, 2025
This Privacy Policy describes how Optimized-Marketing.com LLC (“Company,” “we,” “us,” “our”) collects, uses, discloses, and protects personal information in connection with our customer relationship management platform OMI – Optimized Marketing Intelligence and related services (the “Service”). If you use the Service as or for a business customer (“Customer”), this Policy explains our role both as a controller (for our own account/billing/operations data) and as a processor/service provider (for the CRM data you load into OMI).
By using the Service, you agree to this Policy. Capitalized terms not defined here have the meanings in your agreement with us (e.g., Terms & Conditions, Data Processing Addendum).
1. WHO WE ARE; SCOPE
1.1 Controller and Processor Roles.
(a) Controller: We act as controller for information about Customer’s account owners and Authorized Users (e.g., signup details, billing, security logs, product analytics) and for our own marketing contacts.
(b) Processor/Service Provider: We process “Customer Data” (e.g., your contacts, leads, communications content, lists, campaign metadata) only on your documented instructions under our Data Processing Addendum (“DPA”) and service terms. You (the Customer) are the controller of Customer Data.
1.2 Not Covered.
This Policy does not apply to third-party websites or services that link to or integrate with OMI. Their privacy practices are governed by their own policies.
2. PERSONAL INFORMATION WE COLLECT
Depending on how you interact with the Service, we may collect:
2.1 Account & Profile Data (controller). Name, business contact details, login/email, role, photo/avatar (optional), and plan selections.
2.2 Billing & Transactions (controller). Billing address, last-four of card or tokenized payment identifiers, tax IDs, invoices, and payment history (payments are processed by our PCI-compliant provider).
2.3 Service Usage & Device Data (controller). App and API logs, IP address, device/browser type, settings, crash reports, session timestamps, feature engagement, and referral/UTM data.
2.4 Security & Access Controls (controller). Multi-factor settings, role/permission assignments, change approvals, login history, and administrative actions.
2.5 Customer Data (processor). Contacts/leads, messages (email/SMS/voice), call/SMS metadata, forms, files, campaign configurations, responses, tags/notes, and integration data synchronized from connected systems (e.g., email, calendars, ad platforms, telephony, help desk).
2.6 Support & Communications (controller/processor). Tickets, chat, call recordings (where permitted), screenshots, and feedback.
2.7 Inferred/Derived Data. Aggregated or de-identified metrics derived from the above (e.g., deliverability rates, workflow performance).
3. SOURCES OF INFORMATION
- You and your Authorized Users (account setup, uploads, API calls).
- Your connected systems and vendors (integrations you enable).
- Automatic collection via cookies/SDKs and similar technologies within the Service.
- Our service providers (e.g., fraud prevention, analytics, messaging carriers).
- Public sources where lawful (e.g., WHOIS snapshots during incident response).
4. HOW WE USE PERSONAL INFORMATION
4.1 Provide and secure the Service (set up accounts, route messages, maintain infrastructure, authenticate, prevent abuse, resolve incidents).
4.2 Support and improve the Service (troubleshooting, analytics, feature development, quality assurance).
4.3 Communicate with you (service notifications, security alerts, billing, changes to terms).
4.4 Billing and account administration.
4.5 Compliance and enforcement (detect, prevent, and respond to fraud, misuse, and legal process).
4.6 With consent where required (e.g., optional beta programs, testimonials, marketing emails).
Legal bases for EEA/UK/Swiss users: performance of contract; legitimate interests (e.g., product security, improvement); compliance with legal obligations; consent where applicable.
5. HOW WE DISCLOSE INFORMATION
We may disclose personal information to:
5.1 Service Providers/Processors. Infrastructure, storage, customer support, analytics, security, email/SMS/voice carriers, and integration partners who process data under contract and in accordance with this Policy and the DPA.
5.2 Third-Party Platforms You Connect. If you enable an integration, we share the data necessary to operate that integration per your settings.
5.3 Professional Advisors and Compliance. Auditors, insurers, legal counsel; law enforcement or regulators where required by law or to protect rights and safety.
5.4 Business Transfers. In a merger, acquisition, financing, or sale of assets, personal information may be transferred subject to continued protections.
5.5 Aggregated/De-identified Data. We may share aggregated or de-identified insights that do not identify individuals or Customers; we commit not to re-identify such data.
We do not sell Customer Data and we do not “share” Customer Data for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws.
6. COOKIES AND SIMILAR TECHNOLOGIES
We use cookies and similar technologies to authenticate sessions, remember settings, prevent fraud, and measure product performance. You can control certain cookies via in-app settings or your browser. Some cookies are essential for the Service to function. For marketing-site cookies (outside the product), additional choices may be presented via a site banner.
7. DATA RETENTION
We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Customer Data retention follows your configurations and our agreement; upon termination, we delete or return Customer Data per the DPA and our retention schedule, subject to legal holds and disaster-recovery backups.
8. SECURITY
We implement administrative, technical, and physical safeguards designed to protect personal information (e.g., encryption in transit, access controls, logging, least-privilege). No system is 100% secure; we cannot guarantee absolute security. If we act as your processor, we will notify you of a personal-data breach without undue delay consistent with our DPA.
9. YOUR PRIVACY RIGHTS AND CHOICES
Subject to applicable law, you may have the right to:
- Access, correct, or delete personal information;
- Receive a portable copy;
- Opt out of targeted advertising, certain profiling, or “sales” of personal information (we do not “sell” Customer Data);
- Withdraw consent where processing is based on consent;
- Appeal a decision if we deny your request.
How to exercise your rights:
Email: privacy@optimized-marketing.com
Web form: [link to your privacy request form]
Postal: Optimized-Marketing.com LLC, Attn: Privacy, PO Box 328, Star Junction, PA 15482
Verification: We may request information to verify your identity/authority. Authorized agents may submit requests subject to verification and proof of authorization. We will respond within 45 days (or as permitted by law) and may extend once by 45 days with notice.
Appeals: If we deny your request, you may appeal by emailing appeals@optimized-marketing.com. If you remain unsatisfied, you may contact your state attorney general or applicable data protection authority.
Marketing Opt-Out: You can opt out of our marketing emails by using the unsubscribe link. Service and security notices are transactional and not subject to opt-out.
Global Privacy Control/“Do Not Track”: For our websites, we honor applicable browser-based opt-out signals (e.g., GPC) where required by law.
10. ADDITIONAL DISCLOSURES FOR U.S. STATE LAWS (INCLUDING CALIFORNIA)
10.1 Categories Collected. In the last 12 months we collected: identifiers (e.g., name, email, IP), commercial info (subscriptions), internet/network activity (usage logs), geolocation (coarse IP-based), professional/employment info (titles), and inferences (product usage patterns). Sensitive personal information is not required to use OMI and should not be uploaded unless expressly permitted by contract.
10.2 Purposes. See Section 4. We do not use or disclose sensitive personal information for purposes other than those permitted by law.
10.3 “Sale”/“Sharing.” We do not sell personal information and do not share Customer Data for cross-context behavioral advertising. Limited website analytics/marketing on our corporate sites may be considered “sharing”; you can opt out via site controls/GPC.
10.4 Disclosure for Business Purposes. We disclose personal information to service providers for business purposes as described in Section 5.
10.5 Nondiscrimination. We will not discriminate against you for exercising your privacy rights.
11. EEA/UK/SWISS USERS
11.1 Controller. Optimized-Marketing.com LLC is the controller for account/operations data. For Customer Data, we act as processor under the DPA.
11.2 Legal Bases. See Section 4. For marketing communications, our legal basis is consent or legitimate interests as applicable.
11.3 International Transfers. We may transfer personal information to countries without equivalent data-protection laws (e.g., United States). We use appropriate safeguards such as the EU Standard Contractual Clauses (and the UK addendum where applicable). Copies of relevant safeguards are available upon request (subject to redaction).
11.4 Data Protection Officer/Representative.
Privacy Contact: privacy@optimized-marketing.com
EU/UK Representative (if appointed): [Entity/Contact Details]
12. CHILDREN’S PRIVACY
The Service is not directed to children and is intended for business use by adults. We do not knowingly collect personal information from individuals under 16. If you believe a child has provided personal information, contact us to request deletion.
13. CUSTOMER RESPONSIBILITIES (WHEN WE PROCESS AS YOUR PROCESSOR)
13.1 Lawful Instructions. You will ensure you have a lawful basis and required notices/consents for Customer Data you submit to the Service (e.g., opt-ins for email/SMS/voice under anti-spam and telemarketing laws).
13.2 Security Configuration. You are responsible for configuring and managing your users, roles, authentication (e.g., MFA), shared-credential risks, and integrations. You are also responsible for honoring data-subject requests relating to Customer Data; we will assist you as described in the DPA.
13.3 Messaging Carriers and Registrations. You are responsible for required registrations and fees (e.g., A2P/10DLC brand and campaign registrations), and for content compliance with carrier policies. HighLevel Support Portal
14. SUB-PROCESSORS (HIGHLEVEL)
14.1 HighLevel as Core Sub-Processor. We operate OMI on a white-label basis using the HighLevel platform. In providing the Service, we engage HighLevel Inc. as a sub-processor, and HighLevel may use additional sub-processors. For details, please see HighLevel’s Privacy Policy, Data Processing Agreement (including sub-processor annexes), and public Sub-Processors list. GoHighLevel+2GoHighLevel+2
14.2 Privacy & Security Posture. HighLevel provides privacy and security information (including certification under the EU Data Privacy Framework) in its public privacy/security resources. GoHighLevelHighLevel Support Portal
14.3 HIPAA Option. HighLevel accounts are not HIPAA-compliant by default; HIPAA is an optional, paid upgrade that must be enabled at the agency level for covered-entity/PHI use cases. If you intend to process PHI, do not use OMI for PHI until a mutually executed BAA is in place and the HIPAA add-on is enabled. HighLevel Support Portal
14.4 Status Notifications. For transparency around uptime and incidents that may affect the platform, you can monitor HighLevel’s public status page at status.gohighlevel.com.
15. INTERNATIONAL USERS OUTSIDE THE EEA/UK
By using the Service, you understand that your personal information may be processed in the United States and other countries where we or our providers operate. Those locations may have different data-protection laws than your country of residence.
16. CHANGES TO THIS POLICY
We may update this Policy to reflect operational, legal, or regulatory changes. If we make material changes, we will provide reasonable notice (e.g., in-app, email, or website notice). Your continued use of the Service after the effective date of an update constitutes acceptance.
17. CONTACT US
For questions or concerns about this Policy, or to exercise your rights, contact:
Email: privacy@optimized-marketing.com
Security Reporting: security@optimized-marketing.com
Appeals (privacy requests): appeals@optimized-marketing.com
Postal: Optimized-Marketing.com LLC, Attn: Privacy, PO Box 328, Star Junction, PA 15482
18. SUPPLEMENTS
18.1 Data Processing Addendum (DPA). Our DPA (including Standard Contractual Clauses, where applicable) governs our processing of Customer Data as your processor/service provider. To request the DPA, contact privacy@optimized-marketing.com. (For HighLevel’s own DPA and sub-processor annexes, see the HighLevel links referenced above.) GoHighLevel
18.2 Sub-Processors. We maintain a list of our sub-processors (including HighLevel) and will provide notice of material changes as required by the DPA. HighLevel also publishes its own sub-processors list and update mechanism. GoHighLevel
Effective Date: August 29, 2025
This Privacy Policy describes how Optimized-Marketing.com LLC (“Company,” “we,” “us,” “our”) collects, uses, discloses, and protects personal information in connection with our customer relationship management platform OMI – Optimized Marketing Intelligence and related services (the “Service”). If you use the Service as or for a business customer (“Customer”), this Policy explains our role both as a controller (for our own account/billing/operations data) and as a processor/service provider (for the CRM data you load into OMI).
By using the Service, you agree to this Policy. Capitalized terms not defined here have the meanings in your agreement with us (e.g., Terms & Conditions, Data Processing Addendum).
1. WHO WE ARE; SCOPE
1.1 Controller and Processor Roles.(a) Controller: We act as controller for information about Customer’s account owners and Authorized Users (e.g., signup details, billing, security logs, product analytics) and for our own marketing contacts.(b) Processor/Service Provider: We process “Customer Data” (e.g., your contacts, leads, communications content, lists, campaign metadata) only on your documented instructions under our Data Processing Addendum (“DPA”) and service terms. You (the Customer) are the controller of Customer Data.
1.2 Not Covered.This Policy does not apply to third-party websites or services that link to or integrate with OMI. Their privacy practices are governed by their own policies.
2. PERSONAL INFORMATION WE COLLECT
Depending on how you interact with the Service, we may collect:
2.1 Account & Profile Data (controller). Name, business contact details, login/email, role, photo/avatar (optional), and plan selections.2.2 Billing & Transactions (controller). Billing address, last-four of card or tokenized payment identifiers, tax IDs, invoices, and payment history (payments are processed by our PCI-compliant provider).2.3 Service Usage & Device Data (controller). App and API logs, IP address, device/browser type, settings, crash reports, session timestamps, feature engagement, and referral/UTM data.2.4 Security & Access Controls (controller). Multi-factor settings, role/permission assignments, change approvals, login history, and administrative actions.2.5 Customer Data (processor). Contacts/leads, messages (email/SMS/voice), call/SMS metadata, forms, files, campaign configurations, responses, tags/notes, and integration data synchronized from connected systems (e.g., email, calendars, ad platforms, telephony, help desk).2.6 Support & Communications (controller/processor). Tickets, chat, call recordings (where permitted), screenshots, and feedback.2.7 Inferred/Derived Data. Aggregated or de-identified metrics derived from the above (e.g., deliverability rates, workflow performance).
3. SOURCES OF INFORMATION
- You and your Authorized Users (account setup, uploads, API calls).
- Your connected systems and vendors (integrations you enable).
- Automatic collection via cookies/SDKs and similar technologies within the Service.
- Our service providers (e.g., fraud prevention, analytics, messaging carriers).
- Public sources where lawful (e.g., WHOIS snapshots during incident response).
4. HOW WE USE PERSONAL INFORMATION
4.1 Provide and secure the Service (set up accounts, route messages, maintain infrastructure, authenticate, prevent abuse, resolve incidents).4.2 Support and improve the Service (troubleshooting, analytics, feature development, quality assurance).4.3 Communicate with you (service notifications, security alerts, billing, changes to terms).4.4 Billing and account administration.4.5 Compliance and enforcement (detect, prevent, and respond to fraud, misuse, and legal process).4.6 With consent where required (e.g., optional beta programs, testimonials, marketing emails).
Legal bases for EEA/UK/Swiss users: performance of contract; legitimate interests (e.g., product security, improvement); compliance with legal obligations; consent where applicable.
5. HOW WE DISCLOSE INFORMATION
We may disclose personal information to:
5.1 Service Providers/Processors. Infrastructure, storage, customer support, analytics, security, email/SMS/voice carriers, and integration partners who process data under contract and in accordance with this Policy and the DPA.5.2 Third-Party Platforms You Connect. If you enable an integration, we share the data necessary to operate that integration per your settings.5.3 Professional Advisors and Compliance. Auditors, insurers, legal counsel; law enforcement or regulators where required by law or to protect rights and safety.5.4 Business Transfers. In a merger, acquisition, financing, or sale of assets, personal information may be transferred subject to continued protections.5.5 Aggregated/De-identified Data. We may share aggregated or de-identified insights that do not identify individuals or Customers; we commit not to re-identify such data.
We do not sell Customer Data and we do not “share” Customer Data for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws.
6. COOKIES AND SIMILAR TECHNOLOGIES
We use cookies and similar technologies to authenticate sessions, remember settings, prevent fraud, and measure product performance. You can control certain cookies via in-app settings or your browser. Some cookies are essential for the Service to function. For marketing-site cookies (outside the product), additional choices may be presented via a site banner.
7. DATA RETENTION
We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Customer Data retention follows your configurations and our agreement; upon termination, we delete or return Customer Data per the DPA and our retention schedule, subject to legal holds and disaster-recovery backups.
8. SECURITY
We implement administrative, technical, and physical safeguards designed to protect personal information (e.g., encryption in transit, access controls, logging, least-privilege). No system is 100% secure; we cannot guarantee absolute security. If we act as your processor, we will notify you of a personal-data breach without undue delay consistent with our DPA.
9. YOUR PRIVACY RIGHTS AND CHOICES
Subject to applicable law, you may have the right to:
- Access, correct, or delete personal information;
- Receive a portable copy;
- Opt out of targeted advertising, certain profiling, or “sales” of personal information (we do not “sell” Customer Data);
- Withdraw consent where processing is based on consent;
- Appeal a decision if we deny your request.
How to exercise your rights:Email: privacy@optimized-marketing.comWeb form: [link to your privacy request form]Postal: Optimized-Marketing.com LLC, Attn: Privacy, PO Box 328, Star Junction, PA 15482
Verification: We may request information to verify your identity/authority. Authorized agents may submit requests subject to verification and proof of authorization. We will respond within 45 days (or as permitted by law) and may extend once by 45 days with notice.
Appeals: If we deny your request, you may appeal by emailing appeals@optimized-marketing.com. If you remain unsatisfied, you may contact your state attorney general or applicable data protection authority.
Marketing Opt-Out: You can opt out of our marketing emails by using the unsubscribe link. Service and security notices are transactional and not subject to opt-out.
Global Privacy Control/“Do Not Track”: For our websites, we honor applicable browser-based opt-out signals (e.g., GPC) where required by law.
10. ADDITIONAL DISCLOSURES FOR U.S. STATE LAWS (INCLUDING CALIFORNIA)
10.1 Categories Collected. In the last 12 months we collected: identifiers (e.g., name, email, IP), commercial info (subscriptions), internet/network activity (usage logs), geolocation (coarse IP-based), professional/employment info (titles), and inferences (product usage patterns). Sensitive personal information is not required to use OMI and should not be uploaded unless expressly permitted by contract.
10.2 Purposes. See Section 4. We do not use or disclose sensitive personal information for purposes other than those permitted by law.
10.3 “Sale”/“Sharing.” We do not sell personal information and do not share Customer Data for cross-context behavioral advertising. Limited website analytics/marketing on our corporate sites may be considered “sharing”; you can opt out via site controls/GPC.
10.4 Disclosure for Business Purposes. We disclose personal information to service providers for business purposes as described in Section 5.
10.5 Nondiscrimination. We will not discriminate against you for exercising your privacy rights.
11. EEA/UK/SWISS USERS
11.1 Controller. Optimized-Marketing.com LLC is the controller for account/operations data. For Customer Data, we act as processor under the DPA.11.2 Legal Bases. See Section 4. For marketing communications, our legal basis is consent or legitimate interests as applicable.11.3 International Transfers. We may transfer personal information to countries without equivalent data-protection laws (e.g., United States). We use appropriate safeguards such as the EU Standard Contractual Clauses (and the UK addendum where applicable). Copies of relevant safeguards are available upon request (subject to redaction).11.4 Data Protection Officer/Representative.Privacy Contact: privacy@optimized-marketing.comEU/UK Representative (if appointed): [Entity/Contact Details]
12. CHILDREN’S PRIVACY
The Service is not directed to children and is intended for business use by adults. We do not knowingly collect personal information from individuals under 16. If you believe a child has provided personal information, contact us to request deletion.
13. CUSTOMER RESPONSIBILITIES (WHEN WE PROCESS AS YOUR PROCESSOR)
13.1 Lawful Instructions. You will ensure you have a lawful basis and required notices/consents for Customer Data you submit to the Service (e.g., opt-ins for email/SMS/voice under anti-spam and telemarketing laws).13.2 Security Configuration. You are responsible for configuring and managing your users, roles, authentication (e.g., MFA), shared-credential risks, and integrations. You are also responsible for honoring data-subject requests relating to Customer Data; we will assist you as described in the DPA.13.3 Messaging Carriers and Registrations. You are responsible for required registrations and fees (e.g., A2P/10DLC brand and campaign registrations), and for content compliance with carrier policies. HighLevel Support Portal
14. SUB-PROCESSORS (HIGHLEVEL)
14.1 HighLevel as Core Sub-Processor. We operate OMI on a white-label basis using the HighLevel platform. In providing the Service, we engage HighLevel Inc. as a sub-processor, and HighLevel may use additional sub-processors. For details, please see HighLevel’s Privacy Policy, Data Processing Agreement (including sub-processor annexes), and public Sub-Processors list. GoHighLevel+2GoHighLevel+2
14.2 Privacy & Security Posture. HighLevel provides privacy and security information (including certification under the EU Data Privacy Framework) in its public privacy/security resources. GoHighLevelHighLevel Support Portal14.3 HIPAA Option. HighLevel accounts are not HIPAA-compliant by default; HIPAA is an optional, paid upgrade that must be enabled at the agency level for covered-entity/PHI use cases. If you intend to process PHI, do not use OMI for PHI until a mutually executed BAA is in place and the HIPAA add-on is enabled. HighLevel Support Portal14.4 Status Notifications. For transparency around uptime and incidents that may affect the platform, you can monitor HighLevel’s public status page at status.gohighlevel.com.
15. INTERNATIONAL USERS OUTSIDE THE EEA/UK
By using the Service, you understand that your personal information may be processed in the United States and other countries where we or our providers operate. Those locations may have different data-protection laws than your country of residence.
16. CHANGES TO THIS POLICY
We may update this Policy to reflect operational, legal, or regulatory changes. If we make material changes, we will provide reasonable notice (e.g., in-app, email, or website notice). Your continued use of the Service after the effective date of an update constitutes acceptance.
17. CONTACT US
For questions or concerns about this Policy, or to exercise your rights, contact:Email: privacy@optimized-marketing.comSecurity Reporting: security@optimized-marketing.comAppeals (privacy requests): appeals@optimized-marketing.comPostal: Optimized-Marketing.com LLC, Attn: Privacy, PO Box 328, Star Junction, PA 15482
18. SUPPLEMENTS
18.1 Data Processing Addendum (DPA). Our DPA (including Standard Contractual Clauses, where applicable) governs our processing of Customer Data as your processor/service provider. To request the DPA, contact privacy@optimized-marketing.com. (For HighLevel’s own DPA and sub-processor annexes, see the HighLevel links referenced above.) GoHighLevel18.2 Sub-Processors. We maintain a list of our sub-processors (including HighLevel) and will provide notice of material changes as required by the DPA. HighLevel also publishes its own sub-processors list and update mechanism. GoHighLevel
Automated Decision Systems in Recruiting
Optimized Marketing uses automated systems, including artificial-intelligence–based tools, to assist in the collection and preliminary evaluation of employment-application information.
These tools help identify relevant qualifications, ensure consistent review, and improve the efficiency of our hiring process. All hiring decisions include human oversight.
Categories of data processed:
Information you provide during the application process (e.g., resume, work history, education, skills, and communications with our hiring assistant).
Purpose of use:
To manage recruiting, evaluate candidate qualifications, and maintain related records.
Data retention:
Applicant data generated through our automated systems is retained for up to two years from the date of collection, unless a longer period is required by law or necessary for legal or compliance purposes.
Your choices and rights:
Applicants may contact us at [privacy@optimizedmarketing.com] to request access, correction, or deletion of their applicant data, subject to applicable law.
Optimized Marketing does not currently accept employment applications from residents of California while we evaluate compliance with California’s new regulations on automated decision-systems in employment.
